Documentation for: MTA developers
- Ilene Mathews
This document contains implementation guidelines for developers of MTA products/appliances who want to use Spamhaus products to block as much spam as possible. No reference is made to specific products. Rather, the focus is on the actions to be taken. It will be assumed throughout that DQS is used as a delivery mechanism.

API access

Spamhaus databases are consulted through DNS queries, where the object to be queried (an IP or a domain/hostname) is prepended to a DNSBL domain zone. DNSBL domain zones are called <key>.<name>.dq.spamhaus.net, where <name> is the zone name and can be sbl, xbl, sbl-xbl, pbl, zen, dbl or zrd (see table below), while <key> is a 26-character code specific to each customer.

Keys corresponding to terminated contracts no longer work. Also, IP and domain services can be individually turned on and off for a certain key. If a service is off, a DNS "refused" answer packet is returned, resulting in a SERVFAIL DNS answer. The software should make sure that the key actually works before using it, and the check must be done for both IP and domain services if both are being used.

We recommend the following test queries of type A to make sure that the service is active; for IP data access:

<key>.sbl.dq.spamhaus.net

This query will return if the query service for IP addresses is active, SERVFAIL if it is not. Similarly, for domain data:

test.<key>.dbl.dq.spamhaus.net

This query will return if the query service for domain data is active, SERVFAIL if it is not.

RFC: Access methods as well as implementation details on DNSBLs are described in RFC5782

Query failure: If a DNSBL query returns SERVFAIL, something is off
The Spamhaus DNSBL zones

The following table summarizes the DNSBL zones that can be queried, the Spamhaus databases they are connected to, and the possible return codes (A record in the DNS answer). In all cases a TXT lookup returns a URL pointing to a description of the problem. NXDOMAIN answers indicate that the IP address or domain queried is not listed.

DNSBL    Type    Database     Return Codes
sbl      IP      SBL          SBL (manually managed); CSS (automated); DROP (always in addition to SBL)
xbl      IP      XBL          CBL; from to.7 - currently unused
sbl-xbl  IP      SBL+XBL      SBL; CSS; DROP; CBL (see details above)
pbl      IP      PBL          entry maintained by ISP; entry maintained by Spamhaus
zen      IP      SBL+XBL+PBL  SBL; CSS; DROP; CBL; PBL; PBL (see details above)
dbl      Domain  DBL          low-reputation domain; phishing-related domain; malware-related domain; botnet C&C domain; abused-legit domain; abused redirector; abused domain used in phishing; abused domain used by malware; abused domain hosting C&C; ERROR: IP query against a domain list
zrd      Domain  ZRD          domain first seen between 0 and 2 hours ago; domain first seen between 2 and 3 hours ago; [ ]; domain first seen between 23 and 24 hours ago

Return Codes: DNSBLs return one or more A records for positive replies. Each returned A record (associated with a different IP) is used to represent a specific message
Query structure

The zones sbl, xbl, sbl-xbl, pbl and zen answer queries for IP addresses, while dbl and zrd answer queries for domains. One must avoid sending IP queries to domain databases or domain queries to IP databases. IPs can be either IPv4 or IPv6 addresses, as described below.

Queries for IPv4 addresses. In this case, the four octets of the IP address are inverted in the query. For instance, to query sbl about the listing status of one would use

<key>.sbl.dq.spamhaus.net

Queries for IPv6 addresses. In this case the address must be transformed into a nibble format, which means all the hex digits of the expanded IPv6 address in reverse order and separated by dots. For instance, to query sbl about the listing status of 2001:db8:7ca6:22::45 one would use

a.c. 7.8.b.d <key>.sbl.dq.spamhaus.net

RDNS: The format used to represent IP addresses in DNSBL queries is the same used by the in-addr.arpa and ip6.arpa zones to represent reverse DNS lookups

Queries for domains or hostnames. In this query the domain/hostname is simply prepended to the dbl (or zrd) DNSBL zone name:

example.com.<key>.dbl.dq.spamhaus.net

It must be emphasized that both dbl and zrd are wildcarded zones that do not consider the hostname part of fully qualified domain names. Therefore, fully qualified domain names can be inserted as they are in the DNS queries, without having to strip away the domain part.

For both IP and domain datasets, a reply providing one or more A records within /8 is considered a positive reply (meaning the queried resource is listed), whereas an NXDOMAIN (host not found) represents a negative reply (resource not listed).

Querying code is expected to go through all the A records provided by a positive reply and act on each one accordingly, as opposed to just picking up the first entry, as that single record may not be the one the specific check was supposed to trigger upon.
Therefore, for example, checking the IP against the zen zone may return the following:

<key>.zen.dq.spamhaus.net. 60 IN A
<key>.zen.dq.spamhaus.net. 60 IN A
<key>.zen.dq.spamhaus.net. 60 IN A
<key>.zen.dq.spamhaus.net. 60 IN A

indicating that this IP is listed in SBL ( ), in the CSS component of SBL ( ), it is part of a DROP IP range ( ) and is listed in the CBL (part of XBL) as well ( ). It is not listed on PBL.
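The query construction and reply handling described above, as an added example that is not part of the original document: it builds the query name for IPv4, IPv6 and domain objects, refuses to send an object to the wrong kind of zone, and walks every A record of a reply. The numeric return codes and the 127.0.0.0/8 range are assumptions taken from Spamhaus's published return-code list, as they are not legible on this page; `DEMO_KEY`, `query_name` and `interpret` are hypothetical names.

```python
import ipaddress

# Assumptions, taken from Spamhaus's published return-code list because the numeric
# values are not legible on this page: replies live in 127.0.0.0/8 and map as below.
RETURN_NET = ipaddress.ip_network("127.0.0.0/8")
IP_CODES = {
    "127.0.0.2": "SBL", "127.0.0.3": "CSS", "127.0.0.4": "XBL (CBL)",
    "127.0.0.9": "DROP", "127.0.0.10": "PBL (ISP)", "127.0.0.11": "PBL (Spamhaus)",
}
IP_ZONES = {"sbl", "xbl", "sbl-xbl", "pbl", "zen"}
DOMAIN_ZONES = {"dbl", "zrd"}
DEMO_KEY = "k" * 26  # constructed placeholder with the documented length, not a real key


def query_name(obj, zone, key=DEMO_KEY):
    """Return the DNS name to query for an IP address or domain in `zone`."""
    try:
        ip = ipaddress.ip_address(obj)
    except ValueError:
        ip = None
    if ip is not None:
        if zone not in IP_ZONES:
            raise ValueError(f"zone {zone!r} does not take IP queries ({obj})")
        # reverse_pointer yields the in-addr.arpa / ip6.arpa name: reversed octets
        # for IPv4, reversed nibbles of the expanded address for IPv6.
        label = ip.reverse_pointer.rsplit(".", 2)[0]
    else:
        if zone not in DOMAIN_ZONES:
            raise ValueError(f"zone {zone!r} does not take domain queries ({obj})")
        # dbl and zrd are wildcarded, so a full hostname is passed as it is.
        label = obj.rstrip(".").lower()
    return f"{label}.{key}.{zone}.dq.spamhaus.net"


def interpret(a_records):
    """Map every A record of one reply to a dataset name.

    Returns (datasets, out_of_range). An empty input models NXDOMAIN (not listed).
    If any record falls outside 127.0.0.0/8 the whole reply is discarded and the
    offending values are returned so the resolver chain can be investigated.
    """
    datasets, out_of_range = [], []
    for rec in a_records:
        if ipaddress.ip_address(rec) in RETURN_NET:
            datasets.append(IP_CODES.get(rec, f"unlisted code {rec}"))
        else:
            out_of_range.append(rec)
    if out_of_range:
        return [], out_of_range
    return datasets, []


if __name__ == "__main__":
    print(query_name("192.0.2.1", "zen"))
    print(query_name("2001:db8:7ca6:22::45", "sbl"))
    print(query_name("mail.example.com", "dbl"))
    # Constructed reply matching the zen example in the text: SBL, CSS, DROP and CBL.
    print(interpret(["127.0.0.2", "127.0.0.3", "127.0.0.9", "127.0.0.4"]))
    # Constructed reply from an interfering resolver.
    print(interpret(["127.0.0.2", "203.0.113.80"]))
```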
Queries returning IPs outside /8 are absolutely not expected and mean something is interfering with the DNS resolution process. Such replies must be discarded and the DNS resolution chain investigated to exclude the misbehaving actor.

Zones, Databases and Datasets

It is worth clarifying the differences between the concepts of zones, databases and datasets and their meaning in the Spamhaus data.

A zone is a DNS API endpoint used to access a certain set of databases (one or more). For example, zen is the endpoint exposing the three databases named sbl, xbl and pbl together, so they can all be queried with a single request.

A database is a corpus of data that is distributed as a single entity, and is composed of one or more datasets. For example, the sbl database groups together the actual sbl dataset, the css dataset and the DROP dataset. Usually the record returned by each dataset can be distinguished based on the return code, in order to allow the querying software to take different actions based on the actual dataset matched by the query.

A dataset is a set of records that share the same purpose and policy, and are usually built by the same processes. Sometimes this actually hides an additional layer of datasets that are in truth separate in terms of origin for technical reasons, but are seen as a single entity as they can just be treated the same way from the consumer's point of view. An example of this is css, which is in truth composed of the two separate datasets css4 (for IPv4 data) and css6 (for IPv6 data).

Sometimes the distinction above can be perceived as confusing, as some zones have the same name as a database and a dataset. This happens for historical reasons: the SBL was originally a database consisting of a single dataset and published as a zone. With time other datasets started being created and added to the same zone as integrations. Usually this is not a big issue, as when it comes to consuming the data all the querier sees and should care about is the return code received in reply to a query, as this is independent of the zone the query was performed against. References to, for example, "listed by sbl" should therefore be understood as "listed by the sbl dataset", unless specified otherwise.

Datasets enumeration and description

SBL ( )

It's a manually maintained list of abuse-related resources, not necessarily of exclusively SMTP emitters. Resources that can be listed in the SBL are for example webservers or DNS servers (sometimes, even routers) providing service to abusing actors, either as a result of a compromise or because they're dedicated to that purpose. In general, outright blocking at the SMTP level a source that is listed by the SBL is supposed to be safe in terms of false positives.
Another usage with a fairly low false-positive rate is checking the IPs contained in the Received headers of the messages (so-called Deep-Header Parsing, or DHP). Due to the characteristics above, however, other uses are possible: for example, a sender whose domain is served by an SBL-listed DNS server has a non-trivial probability of being abusive too. Similarly, if the message contains URLs resolving to SBL-listed addresses, there's a reasonable chance the message is abusive. However, use of the SBL for these specific purposes is encouraged only within scoring systems, as a contribution to a decision taken upon multiple factors.

CSS ( )

It's a completely automated sublist, listing SMTP emitters associated with a low reputation or confirmed abuse. This can either mean a resource controlled by an abusing actor or a compromised host. Its usage should be limited to the sending IP and can be used to outright reject the delivery.

DROP ( )

It's an additional flag added to SBL listings, indicating that the resource is known to be controlled by a bad actor, usually part of IP resources assigned to known rogue entities. Bulletproof hosters and similar shady operators are a typical example. It is strongly suggested to avoid any kind of interaction with entities listed by this dataset.

XBL ( )

It's a list of IPs hosting compromised hosts. As these hosts are generally used to emit spam (among other bad deeds) the first suggested use for this dataset is to outright block SMTP deliveries coming from an IP listed by it. Hosts can be compromised and be used for abusive purposes even without actually emitting spam, however. For this reason other usages are possible: for example if a URL contained in the message body points to an exploited webserver, there's a non-trivial chance that the message itself is spam, pointing the recipient to an abusive URL that will redirect them to the spammer's website or, in the worst case, download malware of some sort. Using the XBL to check the IPs that URLs point to is therefore possible and suggested, but only as part of a scoring system where this is one of the indicators taken into account.

Similarly, using DHP against the XBL is possible, but the chance of false positives can be quite significant, particularly in cases where the source is on a dynamically assigned address (meaning the sender inherited an IP that hosted a compromised system hours before) or in case of NAT (where one host is compromised but most others are not, but all share the same public IP); therefore, it should only be used in a scoring system.
PBL ( )

It's not, strictly speaking, an abuse-related list: it's a list of dynamic and low-security IP space. In general, it's address space that should never host an SMTP server, therefore any SMTP connection coming from this IP space is almost certainly abusive. Since every message has to originate somewhere, DHP against PBL makes no sense and is highly discouraged. On the other hand, scoring based on PBL for URLs is possible, although not particularly performant. Two return codes are associated with this dataset, telling whether the nature of the listed subnet has been inferred by Spamhaus ( ) or indicated directly by the ISP responsible for the network ( ).

DBL ( )

It's a database of domains with a poor reputation. What the DBL does is effectively keep track of and compute a reputation score for every domain seen on the Internet and produce a list of those that:

- are above a certain threshold
- have been observed active in the last X days

Different return codes are used to tag the type of abuse the domain has been observed involved in whenever that information is available. One thing that should be noted is that not all the records have the same meaning in terms of "badness": basically two separate sets of return codes are provided:

- identify resources that are considered inherently bad or associated with a low reputation. In general, it means that the domain is safe to block according to Spamhaus data
- identify domains that, while not inherently bad, have been observed involved in abuse. Briefly referred to as abused-legit, the typical example of this is a domain that due to a security issue is currently serving malicious contents. This second set of return codes is only suggested for use in scoring systems.

If queried for an IP, the DBL will return a positive reply with the return code : this should be treated in every respect as an error code, with the meaning "IP queries not supported".

ZRD ( )

It's a database of domains that have been observed for the first time less than one day before. Given the amount of abusive domains registered every day just to be thrown away immediately after minutes of use, these domains should and can be treated with extreme prejudice. The fourth octet of the return code is used to indicate the time elapsed since its first observation (from 0 to 24 hours).
Checking SMTP messages

In an SMTP transaction, the sending host opens a TCP connection on port 25 and basically sends the following commands:

HELO myname.helodomain.com
MAIL FROM: <user@senddomain.com>
RCPT TO: <ouruser@ourdomain.com>
DATA
Headers
Body

(with EHLO possibly in place of HELO). Before the DATA stage even starts, and therefore before the message is actually transmitted, the SMTP protocol gives the following four parameters that can be used to check the sender's reputation:

- connecting IP address (IP)
- reverse DNS (PTR) of the connecting IP address, if present (Domain)
- domain used in HELO/EHLO like helodomain.com in the example above (Domain)
- domain used in MAIL FROM (envelope from) like senddomain.com in the example above (Domain)

Spamhaus recommends the following actions based on these parameters before getting to the DATA stage:

- reject the transaction if the connecting IP is listed by the SBL zone components, by XBL or by PBL (in other words, any hit against the zen zone, as long as the return code is contained in /8)
- reject the transaction if the reverse DNS of the connecting IP (when defined) is listed by DBL with a return code lower than
- reject the transaction if the domain used in HELO/EHLO is listed by DBL with a return code lower than
- reject the transaction if the domain used in MAIL FROM is listed by DBL with a return code lower than
- reject the transaction if the reverse DNS of the connecting IP (when defined) is listed by ZRD with a return code lower than or equal to
- reject the transaction if the domain used in HELO/EHLO is listed by ZRD with a return code lower than or equal to
- trigger greylisting if the domain used in MAIL FROM is listed by ZRD with a return code lower than or equal to

Numeric HELO: Despite being an error code, can still be useful when the resource checked against the DBL is an HELO string, as no valid HELO string can be in the form of an IP address

Note that DBL return codes larger than refer to abused legitimate domains and they should be used only in contents analysis of message bodies to prevent false positives.
Also note that the "24" in the ZRD rules is the maximum number of hours elapsed from the first observation of the domain, and can be decreased for a less aggressive behaviour toward new domains appearing on the Internet.

SMTP transactions not rejected by the criteria above should be accepted and subjected to the contents analysis described below. Both the message headers and the message body are transmitted within the SMTP DATA command.

For platforms and traffic volumes that allow this, the contents analysis should preferably be done while the original SMTP connection is still open, at the end of the DATA stage but before OK'ing the transmission to the sender. This would give the opportunity to issue an immediate rejection based on contents to the sending server, rather than accepting and bouncing it later as a non-delivery notification to the envelope sender. The envelope sender is often forged in spam, and such non-delivery notifications would turn the receiving server into a backscatter spam source. "Spam folders" are commonly used to avoid this problem, but not notifying the sender in any way could also be a problem in case a legitimate message is flagged as spam. Immediate rejections during the SMTP DATA stage do not cause backscatter.
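The pre-DATA rules listed earlier in this section, including the adjustable ZRD hour limit, as an added example that is not part of the original document. The `lookup` hook, `LookupFailed`, `pre_data_verdict` and the sample data are hypothetical; the DBL threshold 127.0.1.100, the ZRD code layout and the 127.0.0.0/8 range are assumptions taken from Spamhaus's published return codes, since the numeric values are not legible on this page.

```python
import ipaddress

# Assumed values, from Spamhaus's published return codes (not legible on this page):
# replies are in 127.0.0.0/8, DBL codes below 127.0.1.100 mark inherently bad
# domains, and the last octet of a ZRD code gives the hours since first observation.
RETURN_NET = ipaddress.ip_network("127.0.0.0/8")
DBL_REJECT_BELOW = ipaddress.ip_address("127.0.1.100")


class LookupFailed(Exception):
    """SERVFAIL or timeout: no verdict can be derived from this query."""


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def pre_data_verdict(lookup, client_ip, ptr, helo, mail_from, zrd_max_hours=24):
    """Return (action, reason, failures) for one transaction before DATA.

    `lookup(zone, obj)` is a hypothetical resolver hook returning the list of A
    records ([] for NXDOMAIN) and raising LookupFailed on SERVFAIL.
    """
    failures = []

    def codes(zone, obj):
        try:
            recs = [ipaddress.ip_address(r) for r in lookup(zone, obj)]
        except LookupFailed:
            failures.append((zone, obj))  # surfaced to the caller, never a listing
            return []
        # A reply with anything outside the expected range is discarded whole.
        return recs if all(r in RETURN_NET for r in recs) else []

    if codes("zen", client_ip):
        return "reject", f"connecting IP {client_ip} listed in zen", failures

    # Domain zones never receive IP queries, so a numeric HELO is skipped here.
    candidates = (("PTR", ptr), ("HELO", helo), ("MAIL FROM", mail_from))
    names = [(kind, name) for kind, name in candidates if name and not _is_ip(name)]
    for kind, name in names:
        if any(c < DBL_REJECT_BELOW for c in codes("dbl", name)):
            return "reject", f"{kind} domain {name} listed in DBL", failures

    zrd_limit = ipaddress.ip_address(f"127.0.2.{zrd_max_hours}")
    action, reason = "accept", "not listed; continue to content analysis"
    for kind, name in names:
        if any(c <= zrd_limit for c in codes("zrd", name)):
            if kind != "MAIL FROM":
                return "reject", f"{kind} domain {name} listed in ZRD", failures
            action, reason = "greylist", f"MAIL FROM domain {name} listed in ZRD"
    return action, reason, failures


# Constructed resolver data using documentation-reserved addresses and names.
SAMPLE = {
    ("zen", "192.0.2.10"): ["127.0.0.2", "127.0.0.4"],
    ("dbl", "bad.example"): ["127.0.1.2"],
    ("dbl", "hacked.example"): ["127.0.1.102"],  # abused-legit: scoring only
    ("zrd", "fresh.example"): ["127.0.2.5"],     # first seen 4 to 5 hours ago
}


def sample_lookup(zone, obj):
    if (zone, obj) == ("zen", "198.51.100.99"):
        raise LookupFailed(obj)  # constructed SERVFAIL case
    return SAMPLE.get((zone, obj), [])


if __name__ == "__main__":
    cases = [
        ("192.0.2.10", None, "mx.example", "a.example"),
        ("198.51.100.7", "host.example", "bad.example", "a.example"),
        ("198.51.100.7", None, "mx.example", "hacked.example"),
        ("198.51.100.7", None, "mx.example", "fresh.example"),
        ("198.51.100.99", None, "mx.example", "a.example"),
    ]
    for case in cases:
        print(case, "->", pre_data_verdict(sample_lookup, *case))
```

A non-empty `failures` list means at least one check produced no information; what the MTA does in that case (temporary failure, alerting) is a local policy choice this page does not prescribe.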

Headers checks

We suggest the following checks:

- score the message negatively if an IP address appearing in the second Received: line, or deeper ones when present, is listed in SBL, CSS or XBL
- flag the mail as spam if the domain appearing in the From: user@fromdomain.com line (if present) is listed by DBL with a return code lower than
- flag the mail as spam if the domain appearing in the Reply-To: user@replytodomain.com line (if present) is listed by DBL with a return code lower than
- flag the mail as spam if the domain appearing in the Message-ID: <string@msgiddomain.com> line is listed by DBL with a return code lower than

Again, DBL return codes larger than refer to abused legitimate domains and we recommend using them only to score URLs in message bodies to prevent false positives.

Also note that PBL listings should never be used as a spam criterion for originating IPs appearing in Received: header lines. Legitimate messages are normally originated by IP addresses listed in PBL, and they must not be penalized in any way for this reason.

Body checks

After properly decoding the message (which can use particular character sets, be encoded in Base64, etc.), we recommend identifying all the URLs, including addresses, appearing in the message body, and then extracting IP addresses and domains out of these URLs. Then the following checks can be performed:

- score the message negatively if any URL contains an IP address listed by the SBL or XBL zones components (any return code)
- score the message negatively if any URL contains a domain/hostname listed by DBL (any return code, including the abused-legit ones, although different scores should be applied to the two groups) or by ZRD (any return code, or return codes limited to a maximum of N hours from the appearance of the domain)

Optionally one can also:

- score the message negatively if any URL contains a domain/hostname authoritatively served by a nameserver whose IP address is listed by SBL
- score the message negatively if any URL contains a domain/hostname authoritatively served by a nameserver whose domain is listed by DBL with a return code lower than

Numeric URLs: Remember that DBL is not expected to receive any IP-based query. If the URL contained in the message body is pointing to a raw IP, that should be checked against IP-based databases only
More informationTOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS
TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS 1 Introduction Your data and infrastructure are at the heart of your business. Your employees, business partners, and
More informationFortinet.Certdumps.FCESP.v by.Zocki.81q. Exam Code: FCESP. Exam Name: Fortinet Certified Security Professional
Fortinet.Certdumps.FCESP.v2014-03-05.by.Zocki.81q Number: FCESP Passing Score: 600 Time Limit: 105 min File Version: 18.5 http://www.gratisexam.com/ Exam Code: FCESP Exam Name: Fortinet Certified Email
More informationDetecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine
Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine Shuang Hao, Nadeem Ahmed Syed, Nick Feamster, Alexander G. Gray, Sven Krasser Motivation Spam: More than Just a
More informationOn the Surface. Security Datasheet. Security Datasheet
Email Security Datasheet Email Security Datasheet On the Surface No additional hardware or software required to achieve 99.9%+ spam and malware filtering effectiveness Initiate service by changing MX Record
More informationTable of Contents Control Panel Access... 1 Incoming... 6 Outgoing Archive Protection Report Whitelist / Blacklist...
User Guide Table of Contents Control Panel Access... 1 Access MxVault Control Panel... 2 Incoming... 6 Incoming Spam Quarantine... 7 Incoming Log Search... 9 Delivery Queue... 12 Report Non-Spam... 16
More informationCCNA Exploration Network Fundamentals. Chapter 03 Application Functionality and Protocols
CCNA Exploration Network Fundamentals Chapter 03 Application Functionality and Protocols Updated: 27/04/2008 1 3.1 Applications: The Interface Between Human and Networks Applications provide the means
More informationConfiguring the Botnet Traffic Filter
CHAPTER 46 Malware is malicious software that is installed on an unknowing host. Malware that attempts network activity such as sending private data (passwords, credit card numbers, key strokes, or proprietary
More informationSMTP. George Porter CSE 124 February 12, 2015
SMTP George Porter CSE 124 February 12, 2015 Homework 2 out Announcements Project 2 checkpoint due Tuesday Traditional Applications Two of the most popular The World Wide Web and Email. Broadly speaking,
More informationDNS Firewall with Response Policy Zone. Suman Kumar Saha bdcert Amber IT Limited
DNS Firewall with Response Policy Zone Suman Kumar Saha bdcert suman@bdcert.org Amber IT Limited suman@amberit.com.bd DNS Response Policy Zone(RPZ) as Firewall RPZ allows a recursive server to control
More informationConfiguration Section
8 Configuration Section MailCleaner can be easily customized to fit your needs and your working style. The Configuration menu contains six sections: Interface, Address groups, Address settings, Quarantine
More informationCyberP3i Course Module Series
CyberP3i Course Module Series Spring 2017 Designer: Dr. Lixin Wang, Associate Professor Firewall Configuration Firewall Configuration Learning Objectives 1. Be familiar with firewalls and types of firewalls
More information1 Connectionless Routing
UCSD DEPARTMENT OF COMPUTER SCIENCE CS123a Computer Networking, IP Addressing and Neighbor Routing In these we quickly give an overview of IP addressing and Neighbor Routing. Routing consists of: IP addressing
More informationWith turing you can: Identify, locate and mitigate the effects of botnets or other malware abusing your infrastructure
Decoding DNS data If you have a large DNS infrastructure, understanding what is happening with your real-time and historic traffic is difficult, if not impossible. Until now, the available network management
More informationFranzes Francisco Manila IBM Domino Server Crash and Messaging
Franzes Francisco Manila IBM Domino Server Crash and Messaging Topics to be discussed What is SPAM / email Spoofing? How to identify one? Anti-SPAM / Anti-email spoofing basic techniques Domino configurations
More informationto Stay Out of the Spam Folder
Tips and Tricks to Stay Out of the Spam Folder At SendGrid we are very serious about email deliverability. We live and breathe it each day. Similar to how Google keeps adjusting its search algorithm to
More informationphoenixnap Client Portal
phoenixnap Client Portal 1 phoenixnap Client Portal Disclaimer Please be aware that DNS management can be a confusing and complicated system. If you get something wrong, you might experience problems such
More informationFireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.
Fireware-Essentials Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.0 http://www.gratisexam.com/ Fireware Essentials Fireware Essentials Exam Exam A QUESTION 1 Which
More informationMxVault Questions and Answers
Table of Contents INCOMING SERVICE... 2 1. INCOMING FILTERING SERVICE... 2 2. DOMAIN ALIASING... 5 3. ENCRYPTION TLS... 6 4. REPORTING SPAM... 6 5. ERROR CODE 500... 8 6. GREYLISTING... 8 7. MESSAGE QUEUING...
More informationConfiguring IP Services
CHAPTER 8 Configuring IP Services This chapter describes how to configure optional IP services supported by the Cisco Optical Networking System (ONS) 15304. For a complete description of the commands in
More informationCSC 4900 Computer Networks:
CSC 4900 Computer Networks: Email Professor Henry Carter Fall 2017 Villanova University Department of Computing Sciences Review Last week we talked about design principles, and the application protocols
More informationApplication Firewalls
Application Moving Up the Stack Advantages Disadvantages Example: Protecting Email Email Threats Inbound Email Different Sublayers Combining Firewall Types Firewalling Email Enforcement Application Distributed
More informationComputer Network 2015 Mid-Term Exam.
Computer Network 2015 Mid-Term Exam. Question : ``Basic of Computer Networks and the Internet' Please fill into the blanks (15%) a) The amount of time required to push all of a packet s bits into a link
More informationUnderstanding Forgery Properties of Spam Delivery Paths
Understanding Forgery Properties of Spam Delivery Paths Fernando Sanchez Florida State University sanchez@cs.fsu.edu Zhenhai Duan Florida State University duan@cs.fsu.edu Yingfei Dong University of Hawaii
More informationContent Filters. Overview of Content Filters. How Content Filters Work. This chapter contains the following sections:
This chapter contains the following sections: Overview of, page 1 How Work, page 1 Content Filter Conditions, page 2 Content Filter Actions, page 9 How to Filter Messages Based on Content, page 17 Overview
More informationCore DDI Basics NIOS 8.1
DEPLOYMENT GUIDE Core DDI Basics NIOS 8.1 2017 Infoblox Inc. All rights reserved. Core DDI Basics NIOS 8.1 July 2017 Page 1 of 33 Contents Prerequisites... 3 Extensible Attributes... 3 Creating Extensible
More informationDomain Name Service. Product Description. Issue 03 Date HUAWEI TECHNOLOGIES CO., LTD.
Issue 03 Date 2018-08-15 HUAWEI TECHNOLOGIES CO., LTD. Copyright Huawei Technologies Co., Ltd. 2018. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any
More informationAugust 14th, 2018 PRESENTED BY:
August 14th, 2018 PRESENTED BY: APPLICATION LAYER ATTACKS 100% 80% 60% 40% 20% 0% DNS is the second most targeted protocol after HTTP. DNS DoS techniques range from: Flooding requests to a given host.
More informationError Codes have 3 Digits
The top portion covers bounce back messages. The x.x.x The xxx Examples of real Error messages with an explaination. (the email client errors coming in the future) The 2nd half covers email connection
More informationOutline NET 412 NETWORK SECURITY PROTOCOLS. Reference: Lecture 7: DNS Security 3/28/2016
Networks and Communication Department NET 412 NETWORK SECURITY PROTOCOLS Lecture 7: DNS Security 2 Outline Part I: DNS Overview of DNS DNS Components DNS Transactions Attack on DNS Part II: DNS Security
More informationCentralized Policy, Virus, and Outbreak Quarantines
Centralized Policy, Virus, and Outbreak Quarantines This chapter contains the following sections: Overview of Centralized Quarantines, page 1 Centralizing Policy, Virus, and Outbreak Quarantines, page
More informationSonicWALL Security 6.2 Appliance
Email Security SonicWALL Email Security 6.2 Appliance System Compatibility SonicWALL Email Security 6.2 is supported on the following SonicWALL Email Security appliances: SonicWALL Email Security 200 SonicWALL
More informationWeCloud Security. Administrator's Guide
WeCloud Security Administrator's Guide WeCloud Security Administrator's Guide WeCloud Security provides a variety of useful features within a user-friendly web console to manage the functions including
More informationFalling Trees or If a DNS Server is Lame but Nobody Queries It, Should You Send an ?
Falling Trees or If a DNS Server is Lame but Nobody Queries It, Should You Send an E-mail? Shane Kerr DNS Working Group, RIPE 59 Lisbon, 2009-10-08 Background The RIPE NCC implemented a
More informationCurrent developments. Zombies suck the life out of the mail server. Wietse at mailserver conference, IBM Research IBM Corporation
Current developments Zombies suck the life out of the mail server. Wietse at mailserver conference, 2009 1999: You built a mail system that runs on UNIX, so you didn t have to worry about Windows viruses.
More informationNetwork Defenses 21 JANUARY KAMI VANIEA 1
Network Defenses KAMI VANIEA 21 JANUARY KAMI VANIEA 1 Similar statements are found in most content hosting website privacy policies. What is it about how the internet works that makes this statement necessary
More informationIceWarp Unified Communications. AntiVirus Reference. Version 10.4
IceWarp Unified Communications AntiVirus Reference Version 10.4 Printed on 30 November, 2012 Contents AntiVirus 1 Anti-Virus... 2 Latest Avast! Engine... 2 Kaspersky Anti-Virus Support... 2 Support for
More informationDistributed Systems. 27. Firewalls and Virtual Private Networks Paul Krzyzanowski. Rutgers University. Fall 2013
Distributed Systems 27. Firewalls and Virtual Private Networks Paul Krzyzanowski Rutgers University Fall 2013 November 25, 2013 2013 Paul Krzyzanowski 1 Network Security Goals Confidentiality: sensitive
More informationLocal DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. 2.1 Install and configure the DNS server. SEED Labs Local DNS Attack Lab 1
SEED Labs Local DNS Attack Lab 1 Local DNS Attack Lab Copyright c 2006-2015 Wenliang Du, Syracuse University. The development of this document is partially funded by the National Science Foundation s Course,
More informationCS519: Computer Networks. Lecture 6: Apr 5, 2004 Naming and DNS
: Computer Networks Lecture 6: Apr 5, 2004 Naming and DNS Any problem in computer science can be solved with another layer of indirection David Wheeler Naming is a layer of indirection What problems does
More informationBIG-IP Access Policy Manager : Secure Web Gateway. Version 13.0
BIG-IP Access Policy Manager : Secure Web Gateway Version 13.0 Table of Contents Table of Contents BIG-IP APM Secure Web Gateway Overview...9 About APM Secure Web Gateway... 9 About APM benefits for web
More informationMailCleaner Extended FAQ
MailCleaner Extended FAQ NETHZ Mail Filtering Preferences NETHZ 001 Q: Can I still use my nethz Mail Filtering Preferences? A: The "email Spamfilter" option of the www.passwort.ethz.ch user interface will
More informationIntroduction. Logging in. WebMail User Guide
Introduction modusmail s WebMail allows you to access and manage your email, quarantine contents and your mailbox settings through the Internet. This user guide will walk you through each of the tasks
More informationManaging Spam. To access the spam settings in admin panel: 1. Login to the admin panel by entering valid login credentials.
Email Defense Admin Panel Managing Spam The admin panel enables you to configure spam settings for messages. Tuning your spam settings can help you reduce the number of spam messages that get through to
More informationTracking Evil with Passive DNS
Tracking Evil with Passive DNS Bojan Ždrnja, CISSP, GCIA, GCIH Bojan.Zdrnja@infigo.hr INFIGO IS http://www.infigo.hr Who am I? Senior information security consultant with INFIGO IS (Croatia) Mainly doing
More informationChapter 6 Addressing the Network- IPv4
Chapter 6 Addressing the Network- IPv4 Objectives Explain the structure IP addressing and demonstrate the ability to convert between 8- bit binary and decimal numbers. Given an IPv4 address, classify by
More informationSimple manual for ML administrators (Mailman) Version 4.2 (Mailing List Service)
Simple manual for ML administrators (Mailman) Version 4.2 (Mailing List Service) Academic Computing & Communication center University of Tsukuba 10/3/2017 Index 1. Introduction... 1 2. Checklist before
More information